I'm currently designing a basic Java program that uses sockets to communicate from a server to multiple clients. I want the clients to be unmodified, however, to prevent against users trying to use ...

I have a project to do for my master's degree and I need to do a Java app which loads a file (read some attributes and copy the file to a working directory), basically any file, and make the working ...

I am working on a web-service based crypto project in Java. The basic idea is for the client to send a SOAP request to a servlet to encrypt data. For data transmission I am using MIME/data-handlers ...

Context:
I am using this tutorial and trying to understand and implement salted password hashing using Java. After spending some time on this topic, I figured out that the basic idea is to:
Convert ...

In the wake of the POODLE attack, many web sites have dropped support for SSLv3. But some clients still in relatively common use as of May 2015 still initiate the handshake with an SSLv2 ClientHello ...

I am currently developing a REST API with Java EE and MySQL; it will feed data to an Android app. The data comes from an AngularJS frontend.
So my questions are, when:
When do I escape the data? Before ...

Definition of XSS
If you search the web, there are many different ways to define a cross site scripting attack. Simply put, XSS vulnerabilities occur when a malicious attacker is permitted to inject ...

I am doing penetration testing on a server with the Linux RHEL6/7 OS. Vulnerability databases such as http://www.cvedetails.com/ mentioned the vulnerability CVE-2014-2483 for Java in Linux RHEL systems. I ...

I'm developing a JS-based SPA and the backend is a REST API which uses HMAC. The site/app doesn't have the concept of registered users but it has the concept of session.
How do I make sure that the ...

Anyone can purchase a code signing certificate. They are cheap and do not involve much validation. Yet Oracle must have determined that disabling execution of unsigned applications increases security.
...

Someone stepped up to me calling me out on not assigning a new session-ID on successful login.
Basically I was told: The fact that I use the same cookie (with the same SID) in the login-page as well ...

We have two active directory (AD) hosts, ead01.domain.com and ead02.domain.com; we also have a corresponding service domain, at eadauth.domain.com which round-robins between these AD hosts (via DNS).
...

I am designing an anomaly-based intrusion detection system in Java. It basically consists of a sniffer that identifies HTTP header fields and then analyzes them according to a previously configured XML ...

I'm currently implementing a REST web service with Spring+Java+Tomcat and a cmd client to access it. The most important requirement is to restrict the usage to authenticated users - encryption isn't ...